This repository has been archived by the owner on Nov 1, 2017. It is now read-only.

Merge remote-tracking branch 'origin/master' into rspec-acceptance
* origin/master:
  formatting
  Use base64 from forge
  Fix typo
  reverting changes to db/schema.rb
  add/delete files
  moving to forge for aes
  Add info on joining the core team
  draft of core team docs
bkeepers committed Feb 12, 2013
2 parents 44cdd57 + a9eb06f commit eab5364
Showing 4 changed files with 55 additions and 41 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -52,3 +52,5 @@ If you hack on Swordfish and end up adding or editing features you will want to
run the tests.

bundle exec rake

Want to join the [core team](https://github.com/github/swordfish/blob/master/docs/core.md)?
32 changes: 23 additions & 9 deletions app/assets/javascripts/models/item_key.coffee
@@ -1,18 +1,32 @@
#= require aes

class @ItemKey
# FIXME: replace with forge
@cipher: CryptoJS.AES
@bytes: 64
@cipher: forge.aes
@key_size: 256 / 8

@generate: ->
forge.random.getBytes(@bytes)
forge.random.getBytes(@key_size)

constructor: (@key) ->

encrypt: (data) ->
@constructor.cipher.encrypt(JSON.stringify(data), @key).toString()
iv = forge.random.getBytes(16)
buffer = forge.util.createBuffer(JSON.stringify(data))
cipher = @constructor.cipher.startEncrypting(@key, iv)

cipher.update(buffer)
cipher.finish()
ciphertext = cipher.output.data

JSON.stringify
iv : forge.util.encode64(iv)
data: forge.util.encode64(ciphertext)

decrypt: (data) ->
result = @constructor.cipher.decrypt(data, @key)
JSON.parse(result.toString(CryptoJS.enc.Utf8))
params = JSON.parse(data)
iv = forge.util.decode64(params['iv'])
ciphertext = forge.util.decode64(params['data'])
buffer = forge.util.createBuffer(ciphertext)
cipher = forge.aes.startDecrypting(@key, iv)

cipher.update(buffer)
cipher.finish()
JSON.parse(cipher.output.data)
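
Review bot: Nothing authenticates the ciphertext in the forge version of encrypt/decrypt: encrypt serializes only `iv` and `data`, and decrypt discards the result of `cipher.finish()` before handing `cipher.output.data` to `JSON.parse`, so a modified or corrupted blob is only caught if it happens to break JSON parsing. Consider adding a MAC over the IV and ciphertext (stored alongside `iv` and `data`, verified before decrypting) and failing explicitly when `cipher.finish()` does not succeed. Two smaller points: the CryptoJS decrypt decoded the plaintext with `CryptoJS.enc.Utf8`, while the forge path calls `forge.util.createBuffer(JSON.stringify(data))` with no encoding, so a round-trip test with non-ASCII item data would be worth adding; and decrypt calls `forge.aes.startDecrypting` directly where encrypt goes through `@constructor.cipher`. The key length also changes from `@bytes: 64` to `@key_size: 256 / 8` together with the serialized format, so the description should say what happens to items and keys created before this change.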
30 changes: 30 additions & 0 deletions docs/core.md
@@ -0,0 +1,30 @@
# Core Team

Swordfish is built and maintained by volunteers with a desire to increase security amongst teams without adding unnecessary overhead for individuals.

## Areas of Need

There are several areas of expertise needed to make Swordfish successful.

* **JavaScript** - Most of the front application is written in JavaScript (well, CoffeeScript), built around [Backbone.js](http://backbonejs.org) and uses many other libraries.
* **Ruby** - The API is a relatively small Ruby on Rails application, tested with RSpec and Cucumber, with data persisted in MongoDB.
* **Design**
* **Cryptography** - The application uses AES to encrypt items, and then encrypts the item key with an RSA key for each user.
* **Security** - Strong cryptography is useless if there are simple exploits in other parts of the application.

## Responsibilities

* Review, discuss and merge [pull requests](https://github.com/github/swordfish/pulls)
* Offer feedback on [Issues](https://github.com/github/swordfish/issues) and [mailing list discussions](https://groups.google.com/group/swordfishapp)
* Be a decent human being
* Give a damn

## Joining the team

Send a 2,000 word essay on why you think you would be a good fit for the core team, along with a portrait and profile photograph to…just kidding.

Just get involved. Send a pull request, comment on an issue, or participate in a discussion. If you are still interested in joining the core team after you've been involved for a few weeks, then get in touch with [Brandon Keepers](http://github.com/bkeepers).

## Members

* [Brandon Keepers](http://github.com/bkeepers)
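
Review bot: In the "Areas of Need" list, **Design** is the only entry without a description, and "Most of the front application" reads as if a word was dropped ("front-end"). The two `http://github.com/bkeepers` links could use `https://` to match the pull request and issue links in the same file.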
32 changes: 0 additions & 32 deletions vendor/assets/javascripts/aes.js

This file was deleted.
